Attacks on The Proof of Stake

Posted by 刘学枫 on December 5, 2018

You may find interesting:


Long Range Attack On PoS

What is Proof of Stake

Proof of Stake (PoS) is a consensus algorithms for public blockchains that depend on a validator’s economic stake in the network and it is an alternative consensus mechanism to blockchain systems. Instead of consuming largely computational resource in PoW, PoS just need a little computational power to resolve a simple puzzel. Therefore, the majority of problems with PoS protocols arise from the fact that there is nothing physical “anchoring” in real-world. Meanwhile, that also means PoS is more energy efficiency.

权益证明(PoS)是区块链系统另一种公有链共识算法,其依赖于验证者在区块链网络里的经济权益。与需要耗费大量算力的PoW算法相比,PoS仅需要少量的算力去解决一个数学难题。因此PoS里大量问题的产生都与其未与现实世界中的物质产生“锚定”相关,但这也意味着PoS更节能高效。

Why PoS is Vulnerable?

Due to nothing “anchoring” in reality and validing a block only relative to validator’s deposit(i.e. stake), PoS is facing two critical problem: “Nothing at Stake Problem” and “Initial Distribution Porblem”.

由于PoS没有与现实世界中的任何东西发生“锚定”,而且验证出块仅与验证者的押金相关(i.e. 权益),导致PoS面临两个问题:“无利害问题”和“初始分配问题”。

Nothing at Stake Problem In many early (all chain-based) proof of stake algorithms, if there is a fork of the blockchain, all users are incentive to work on the top of all forked chain because of there is no penalties for this behavior. With a proof of work algorithm, such behavior is irrational that a miner have to split his computational power to work on both chain decreased the probability to find a block.

在早期的PoS共识算法里,如果网络中出现分叉,用户们都会倾向在所有的分叉链上同时参与出块,因为这种行为没有任何的害处。但在PoW算法里,这种行为却是不理智的,因为在多条分叉链上同时参与出块会分散算力,从而降低他们出块的概率。

Initial Distribution Problem In Bitcoin and other PoW systems, miners have an incentive to release their coins to others as they need to imporve their computational power continuously for mining more coins. But in a proof of stake system, the initial holders of coins will not have such an incentive since the coin balance directly contributes to their wealth.

在比特币或其它PoW系统里,矿工都有兑换加密货币的需求,以提升他们的矿力获取更多的加密货币。但是在PoS系统里,加密货币可以由所持有的权益来产生利息,因此在系统初始分配加密货币时,早期的受益者就没有激励因素去兑换加密货币。

Attack Tyeps for PoS

summarised some classical attacks for purely PoS protocol as follow:

总结一些纯PoS协议里常见的攻击如下:

Long Range Attack In a system with PoS consensus, an attacker possessing enough stakes can attempt to build an alternative blockchain starting from the very first block. In general, the attacker will start at the gensis block to consturct a private chain with some different transactions and publish his chain as long as the length of the private chain longer than the main one.

在PoS系统里,若攻击者持有大量的权益,他就可以构造一条分支链来替换掉原来的主链。通常而言,攻击者需要从创世区块开始构造一条私有链,链上可能存在与主链不一致的交易,当私有链比主链长时,攻击者就广播分支链替换掉主链。

Bribe Attack When the attacker want to start a double-spending attack, he can announce a reward to brive many validators to work on the block without the payment transaction(i.e. without six latest blocks) as long as the payment is expensive than the reward.

当攻击者想要实现双花时,他可以发起一笔奖励来贿赂区块验证者们在不包含攻击者双花交易的区块上分叉,废弃掉原来若干个的区块,只要贿赂的成本低于双花的收益。

Precomputing Attack When launching a procomputing attack, attacker must have enough computational power to influence the hash of current block by adjusting the transactions of current block(i.e. by adding a new transaction into current block), so he can precompute the next block’s validator according to the hash of current block.

发起预计算攻击时,攻击者需要拥有足够的计算力在轮到其出块时,通过调整当前区块的交易来产生当前区块的哈希值,从而不断地提前计算出下一个区块的出块者是否自身。

Reference

1.Proof of Stake versus Proof of Work 2.Proof of Stake FAQs